On November 17, 2020, Canada’s Minister of Innovation, Science and Industry introduced the proposed Digital Charter Implementation Act (DCIA or “Act”), new legislation from the Liberal Party of Canada that could dramatically alter how the country regulates consumer data.[1]
Continue Reading Canada Proposes New Privacy Bill
The Schrems II decision, issued on July 16, 2020, continues to impact the ability of organizations to transfer personal data from the European Economic Area to the United States. The effects of the decision are now felt in Switzerland as
Continue Reading Swiss-U.S. Privacy Shield Invalidated by Swiss Commissioner
On September 3, 2020, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) held a meeting to discuss the Schrems II decision and the future of personal data transfers between the European Economic Area (EEA) and
Continue Reading European Parliament Committee Discusses the Future of EEA-U.S. Data Flows
On September 4, 2020, the European Data Protection Board (EDPB) announced that it had created two task forces following the Schrems II decision.[1] The first task force will prepare recommendations to support controllers and processors regarding their duties in
Continue Reading EDPB Establishes and Appoints Task Forces to Prepare Recommendations and Review Complaints Following the Schrems II Decision
On September 7, 2020, the European Data Protection Board (EDPB) issued draft guidelines clarifying the concepts of “controller,” “joint controller,” “processor” and “third party” under the General Data Protection Regulation (GDPR). These concepts are important under the GDPR, as they
Continue Reading EDPB Issues Draft of GDPR Controller-Processor Guidelines
U.S. Department of Commerce and European Commission Release Joint Press Statement
On August 10, 2020, the U.S. Secretary of Commerce, Wilbur Ross, and the European Commissioner for Justice, Didier Reynders, released a Joint Press Statement (“Press Statement”) regarding the status
Continue Reading The Department of Commerce Continues Efforts to Address Cross-Border Data Transfers Under the GDPR After the Invalidation of the Privacy Shield
The General Data Protection Regulation (GDPR), Europe’s restrictive data protection law, permits the transfer of personal data from the European Economic Area1 (EEA) to other countries only under limited circumstances. On July 16, 2020, the Court of Justice of
Continue Reading European High Court Invalidates Privacy Shield, but Upholds Standard Contractual Clauses for International Data Transfers Under the GDPR
In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act, imposed direct liability on business associates for certain violations of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the “HIPAA Rules”). The resulting 2013 HHS Office for
Continue Reading OCR Guidance May Signal Increase in Enforcement Activity Against Business Associates
As regulators attempt to keep pace with the ever-changing technological landscape, legislation and agency guidance continue to evolve. Two recent developments worth noting:
Continue Reading Recent Developments in Consumer Privacy Legislation and Cybersecurity Practices
All 50 states have enacted their own version of a data breach notification statute requiring notice to affected individuals and/or regulatory bodies in the event of data loss, unauthorized data access or data exfiltration of personally identifiable information (“PII”). Many
Continue Reading Encryption Considerations under Data Breach Notification Laws
